Cool offNow that’s done, and you’ve wiped thesweat of concentration from your brow, thenext step is to install the cooler. If you’reusing the cooler than came with yourprocessor, installation is a simple, but willvary greatly depending on the brand andgeneration, so use the included instructionsfor specific installation directions.That goes double for anyone using a third-party cooler, which will use a proprietaryinstallation bracket. Following the included instructions is crucial to success.Every cooler will need thermal paste. AMD and Intel apply it to their coolers in the factory, but users witha third-party cooler have to do it themselves, and rubbing goo on an expensive CPU isn’t asstraightforward as it sounds.Thermal paste is a necessary part of any cooler. This silver goo is an excellent thermal conductor,allowing heat to transfer from the chip to the cooler with ease. Without, your cooler won’t work very well,if at all. When the instructions indicate, simply apply a single dot, about the size of a small pea, right inthe center of the chip. After squishing the chip and cooler together, try not to wiggle or twist too much, toensure a smooth, full connection.Either way, the cooler is going to need power. Plug the wires from the fan into a four-pin connection onthe motherboard, which should be close to theprocessor and labeled “CPU_FAN.”Installing MemoryWe’re in the home stretch now, and the lastfew components are nice and easy. RAM inparticular doesn’t require any careful gooplacement or wires. There are just twoimportant factors, assuming you’ve chosen 51
compatible RAM — direction and slot choice.Direction is easy enough. Each memory stick has a notch in the contacts along the bottom, which linesup with a block in the memory slots on the motherboard. If you hold it just above the slot and the two lineup, it’s facing the right direction.Slot choice depends on a few factors, and one of which is how the RAM you bought is packaged. If it’sjust a single stick of RAM, install it in the A1 slot and move on with your life.If there are two identical sticks of RAM together, as is much more common, this is called a dual-channelconfiguration. The system can use both sticks as if they were a single block of RAM, but access themboth individually, providing a modest boost to memory performance. These sticks should be installed inchannels on the motherboard with matching colors, usually labeled A1 and B1.Now that we know which slot and direction, the next part is easy. Push the plastic wings at either end ofthe slot down and outward, then place the stick in the slot sticking straight up. Push down firmly until theRAM clicks into the slot and plastic wings click back in and clamp the ends of the sticks. Easy!Installing MotherboardInstalling the motherboard with all of the parts on it is easy enough, but it can’t just sit in your case. Mostmodern cases have spacers between the back wall and motherboard, known as standoffs, that are builtin permanently. They act as a ground for the motherboard, while preventing the connections on the backfrom shorting.Some cases will have removable stand-offs you have to install yourself. These are easy to identifybecause they look unusual — they’re essentially screws that have another screw hole on top instead ofa head for a Philips or flat-head screwdriver. They’re usually copper or gold in color, which makes themeasy to pick out. 52
The orientation of your motherboard is dependent on your case. At the back, or the top, you’ll see a rectangular cut- out. This is for the motherboard’s I/O panel – the portion containing the USB, video, and Ethernet connections. Your motherboard will be packaged with an I/O shield that fits into this rectangular cut-out. If you install that shield, and then align your motherboard’s I/Opanel with it, you’ll find the screw holes in the motherboard align with the stand-offs in your case.Well, generally. You may have to wiggle the motherboard slightly to make sure it snaps properly intothe I/O shield and the stands-offs align. This may require a bit of effort, but shouldn’t require muchforce. If you find yourself forcing the motherboard, it’s a good idea to double-check how you’vealigned it, as it may not be positioned properly.Depending on the combination of case and motherboard, attaching the two will require anywherebetween six and 10 screws. You may find that not all of them will match up with standoffsunderneath, but dropping a screw in will reveal whether it threads or not right away.Like every set of screws, the first step is seating the screws and giving them a couple of precursoryturns. Then, proceed in a star pattern, tightening a little bit on each screw at a time. Don’t go wildwhile tightening them, as you might damage the board if you put in too much effort.Once the motherboard is comfortably seated in the case, there are a few necessary connections. Oneis the power cable, which in the case of the motherboard, will be a wide, two-row cable that fitssnugly into a similar looking spot on the board itself. This 20-28 pin connector powers both themotherboard and the CPU. However, some mobos have a second 4-pin or 8-pin connect for theprocessor, which is located near it. You’ll need to plug that in, too, if it’s on your mobo. 53
There are also case plugs and buttons that need to be connected to the motherboard to function properly. A two-wide row of pins, the location of which will be noted in your manual, run the power and reset buttons, power and hard drive activity LEDs, and any USB 2.0 ports. These small cables will run in a bundle from wherever the ports on the caseare, and installing them is as simple as matching the labels on the pins with the labels on theconnections. However, their size can make them very hard to properly install. If you have amagnifying glass, now is a great time to use it. A set of tweezers can come in handy, as well.The USB header that connects to your front-facing motherboard ports will be on its own. Thisconnection is about eight by two pins, and they’re enclosed in a larger plastic housing. It has anotch on one side that should clearly indicate which direction it plugs in.GPUNot every system needs a dedicated GPU, but if yours does, no worries! The installation couldn’t be simpler.We’re also assuming for this step that the card you’ve chosen is appropriate for your case size, capabilities,and power supply. For a more detailed walk-through of GPU installation, make sure to check out our videoguide.Modern graphics cards take up a PCIe slot. It’s a long, thin connector located on the rear of the motherboard,below the processor. To seat the card in that slot, you’ll need to remove a backplate from your enclosure. Arow of thin metal brackets on the back of the case keep it sealed up.You’ll need to remove one or two, depending on the width of your card. Do this by removing the screw thatsecures the backplate you want to take out. Once removed, the plate should slide out freely. Keep the screw,as you’ll need it in a moment. 54
Once the brackets are clear, it’s time to seat the card in the PCIe slot. First, make sure the switch on the slot on the motherboard is pushed outward. Then, with the ports facing the empty spot where the backplate used to be, carefully line up the long series of contacts on the card with the appropriate slot on the motherboard. Once it’s lined up properly, a solid push on the top of the card should cause it to snap into place as the switch clicks backin to hold it. Not much force is required, so if you encounter a great deal of resistance, take another look atthe backplate and PCIe slot to make sure both are clear, and the motherboard is properly aligned.Use the screws you pulled from the metal brackets to fasten the back of the card into the same spot in thecase. Again, they don’t need to be as tight as possible — just enough to make sure the card is held firm.Most video cards need extra power apart from what the PCIe slot can provide. Those cards that do will havea PCIe power connector on the side of the card facing away from the motherboard or, in some cases, on theside facing the front of the case. The connector is a group of square plastic pins numbering six, or eight. Themost powerful cards may in fact have two such connectors. Find the appropriate connector on your powersupply and slot it in. The connector is designed to prevent improper installation, so if the connection isn’teasy, double-check your alignment to make sure it’s correct.Additional expansion cardsGraphics cards aren’t the only component that uses the PCIe slot, and the list includes wireless networkingcards, sound cards, and even hard drives. The process for installing them is very similar to the GPU process,however.First, remove the metal bracket in the back of the case that corresponds with the PCIe or other expansionslot you’ll be installing the device into. Keep the screw from the bracket handy, as we’ll use it to reattach thenew card.PCIe slots have a small switch at the interior end, which you can push down and outward to open the slot.Then, simply line up the row of contacts on the card with the slot, and push down firmly. Once the card isseated, the switch will flip back up. Securing the card in place is as simple as screwing it into the back of thecase and attaching any necessary PCIe ports.There are a few different types of PCIe slot. A good deal of expansion cards use the “PCIe 4x” slot, which ismuch shorter than the full PCIe slot used by video cards. A quick check of your motherboard’s connectivity,and the size of the connector on your card, will make it obvious which slot is appropriate. If in doubt, referto the expansion card’s manual. 55
INSTALLING A DRIVE OF EVERY TYPEThere are three different hard drive sizesyou’re likely to encounter, and they all mountand connect differently. Generally, spinningdisk data drives are the larger 3.5-inch size,while newer SSDs have adopted the smaller2.5-inch size. There’s also the even smaller M.2format, which is a thin, bare chip measuringabout 1 x 3 inches.We’ll start with 3.5-inch data drives, which areusually mounted up high at the front of thesystem. Your case is almost guaranteed tohave at least one slot dedicated to this type ofdrive. Installation will depend on the enclosure. Most have a simple hard drive cage. Installing a drive meansslotting it into a mount on the cage and aligning the screw holes on the sides of the drive with those on theside of the cage. Make sure that the power and data connectors on the drive face inwards, toward themotherboard. Once aligned, screw the drive into place.Expensive cases may have a “tool-less” installation system. As the term implies, this design should mean it’spossible to install the drive without a screwdriver. Usually this means placing the drive into a cradle or cagethat then inserts into a slot in the case. Refer to your enclosure’s instructions for specifics, since the techniquevaries from one brand to the next.When it comes to 2.5-inch drives, the mounting process and location is going to vary a bit more. Some caseshave a cage, similar to the 3.5-inch mounting, where the SSD can just slide in — no rivets, no screws, nobrackets. If it doesn’t, the SSD will need an adapter to fit it in a 3.5-inch bay, which is accomplished in one oftwo ways. Either the larger bracket has screw holes inside which allow you to screw the drive into the middle,or the case will include a bracket that adds some extra girth to the 2.5-inch drive.The M.2 drive is the newcomer in the hard drive world. It looks substantially different than the other twodrives, with an exposed PCB and memory chips on both sides, and a series of contacts on the short side. Ifthat sounds like what you have, you’ll want to hunt for the M.2 slot on your motherboard, which will consistof a slot the size of the small end of the drive, and a screw a few inches away. Remove the screw, insert thecontact end into the slot, then push down gently until you can use the screw to hold the drive in place onceagain. 56
Hard drives require two connections as well, one for power and one for data. The good news is that bothare L-shaped, so it’s hard to plug them in the wrong slot or the wrong direction.Optical driveWhile optical drives are on their way out in thecomputing world, there are still a lot of builders whoprefer to include them. The optical drive mounts in a5.25-inch slot that looks similar to the 3.5-inch slotwhere we installed the mechanical drive, and theinstallation procedure is similar as well.The drive itself loads into the system from the front,but if it doesn’t fit, you may need to remove the frontfaceplate of your system. If that’s the case, check yourcase’s manual for specific instructions.Once all obstructions are clear, slide the drive in from the front of the case until it’s flush with the faceplate,or the other front-facing drives. Then, simply attach the included screws through the side of the case tomount it there. The cables should be similar if not identical to the ones used for the 3.5-inch hard drive.There’s no real way to install the wrong ones, or install them the wrong direction.Preparing to bootNow before you get too excited and hit that power button, it’s worth running back through the system tomake sure everything is properly seated and connected. Let’s start with the components found in everymachine.The motherboard is usually easy to spot if it isn’t plugged in. Most PSUs have one wide cable that’s obviouslyintended for this slot, with no other connections on it. It should plug into your board somewhere near thePCIe slots, but location will vary.Your motherboard is also likely to have a second, four-pin or possibly eight-pin, connector. This powers theprocessor. You may have to look through your power supply’s available connectors with a keen eye to findthis, because it looks a lot like a PCIe power connector. But don’t worry. A PCIe connector will not fit, soimproper installation isn’t possible. 57
The CPU cooler also needs power, but it gains it from the motherboard. Its power cable shouldn’t have to go far though, as most motherboards keep the plug close by the socket. The little wire is just three or four sockets, and connects to a set of four pins on the motherboard. The hard drives need their own power sources too, in the form of L-shaped plastic connectors. Typically, a string of three or four runs straight off the power supply, with just that type of connection on it. These can’t be installed the wrongway, either.Finally, high-powered graphics cards need their own power connection, usually in the form of a blackrectangular connector with six or eight pins. These plugs are brightly colored and easy to spot, and only fit inthe interior end of the card in one orientation. If they aren’t plugged in, the fans on the card won’t spin, andit won’t produce any video output.The final stepsNow that you’ve double-checked everything, turn on the power supply, and press the power button on thefront. A lot of systems don’t boot correctly the first time, so don’t get discouraged if you need to go back andcheck connections again.Once it does boot, you’ll need to install an operating system. Luckily, we’ve built a handy guide that walksyou through this process clearly, and succinctly. If you don’t have another PC around to download the ISO,you can purchase a USB thumb drive from Windows with the OS image ready to go.Once that’s taken care of, you’ll also need to install some drivers. Typically the chipset driver for yourmotherboard will handle a lot of the smaller components, and usually only discrete graphics cards will requirea driver of their own, although this varies greatly based on motherboard and component manufacturer.Check out the AMD page for Radeon drivers, or the Nvidia page for GeForce drivers, and remember to checkboxes for install discs and other information.With some luck, and a lot of attention to detail, your system should be fully operational. Make sure to keepan eye out for any error messages, and hold your hand outside the case fans to make sure air is flowing andisn’t too hot, at least for a few weeks. If something breaks, or needs an upgrade, you’re fully equipped todeal with it. Just watch out for static. 58
59
Install a Computer SystemPreparing for InstallationDuring Installation, the Setup program will ask for information on how to install and configureWindows 2000. Prepare for the Windows 2000 operating system installation by collectinghardware information and establishing configuration decisions prior to initiating the installationprocess. The following checklist provides some guidelines as to the information that needs to bedefined prior to initiating the installation process.Table 3.1 Windows 2000 Pre-Installation Checklist Description Hardware Compatibility: Review all hardware to ensure compatibility with the Windows 2000 operating system. Hardware components include: Motherboard, network adapters, video card, sound card, CD-ROM drives, etc. The Windows 2000 Hardware Compatibility List (HCL) can be found at: http://www.microsoft.com/windows2000/server/howtobuy/upgrading/compat/ Disk Space: Ensure the system has sufficient disk space. The minimum disk space recommended for installation of Windows 2000 is 2 gigabytes (GB). Disk Partitions: Determine disk-partitioning requirements, keeping in mind the minimum disk space recommendations for installation of the Windows 2000 operating system. File System: The file system must be configured as NTFS in order to allow configuration of security. A commonly held misconception is that it is easier to recover a system that is running with a FAT partition. This is not true. FAT only makes you less secure, it does not ease recovery. Installation Method: Determine whether the Windows 2000 operating system will be installed from Setup boot disks, CD-ROM, or over-the-network. Procedures provided in this document describe installations from boot disks or from CD-ROM. Service Components: Prior to installation, determine the services that will be required for the installed operating system. For server installations, considerations may include Active Directory, DNS, WINS, or DHCP. 60
Windows 2000 Installation ProcessInstallation MethodsWindows 2000 can be installed as either an upgrade to an existing Windows operating systemor as a new operating system installation. To ensure security Windows 2000 should be the onlyoperating system on the computer and be installed on a clean partition. That is, any previousoperating system must be wiped clean from all hard disk partitions within the computer prior toinstalling Windows 2000.There are three methods available to install the Windows 2000 operating system: Setup boot disks – This method is designed to be used with legacy computers which do not support bootable CD-ROM disks. It will not be discussed further CD-ROM Over-the-network – These are discouraged except in environments where the network can be guaranteed to be non-hostile.Initiating the Installation from a Bootable CD-ROMUsing a bootable CD-ROM is the simplest and fastest method of installing Windows 2000. Toensure that the machine is not compromised during setup, however, it is highly recommendedthat it be disconnected from the network until setup is complete and the most recent servicepack is installed.Start Setup from a bootable CD-ROM as follows: 1. Insert the CD-ROM in the drive. 2. Restart the computer and wait for Setup to display a dialog box. On many computers you will be required to press any key during the boot process to boot from a CD-ROM. 3. Follow the Setup instructions on the screen.In the remainder of this chapter, we will point out the most secure way of installing the system.This is not intended as a complete walk-through of the setup process.Configuring Disk PartitionsDuring the initial text-mode setup of thesystem, setup will ask where to installWindows 2000. Figure 1 shows the dialogpresented. If there are multiple partitions ormultiple hard disks they will be identified inthe display. The example in Figure 1 belowshows a 40 Gigabyte Hard disk that is notpartitioned. For security purposes, it is 61
highly recommended that this dialog be used to delete all other operating systempartitions from the system. For workstations, we recommend using all space on a disk forthe installation partition. For servers, we recommend using about 4 GB of space on one disk forthe operating system. The remaining space in the system should be reserved for data files,services, utilities and so on. Wehighly discourage storage of user data files on the boot partitionon servers, while on workstations this is acceptable practice which makes it easier for users tolocate their data.Figure 1: Select a disk partitionThe next step after creating the partition is to format it. For all systems where security is arequirement all partitions must be NTFS formatted. Only on systems using NTFS can anyreasonable security be presumed.Assign an Administrator account passwordThe Computer Name and Administrator Password dialog box shown in Figure 2 provides ameans of setting the password for the default Administrator account. The specific guidance onhow to set a good password is provided in the section 3.3, Choosing Good Passwords It isimperative that a good password is set on the built-in Administrator account during setup. Figure 2: Computer Name and Administrator Password Dialog Choose service components for Windows 2000 Server products In the Windows 2000 Components dialog box, select the necessary components for the server being installed. This dialog box allows addition or removal of components during installation. The default configuration of Windows 2000 Professional is acceptable,but Windows 2000 Server needs to be modified during installation. 1. Several components should not be selected as they decrease the security of the system. These include the Simple TCP/IP Services, and theSNMP protocol. 2. For server installations, Indexing Service, Internet Information Service (IIS), and Script Debugger are selected for installation by default in the Windows 2000 Components dialog box. However, most systems do not need these components. On non-web servers IIS and the Script Debugger should be deselected. On systems that do 62
not need file indexing for searching files, the Indexing Service should be deselected, as shown in Figure 3. Note that systems running Microsoft Exchange 2000 will need certain portions of IIS installed. However, security configuration of Exchange 2000 is beyond the scope of this guide.Note that due to the prevalence of wormsexploiting unsecured systems on mostnetworks, it is highly recommended thatsystem running IIS are installed on anisolated network segment, or with nonetwork cable attached, until Service Pack 3or higher is installed.Figure 3: Selecting Windows 2000ComponentsConvert a Windows 2000 Server to aDomain ControllerTo build a domain controller, you must first install one of the Windows 2000 Server family ofproducts, and then promote the system to a domain controller. This can be done using theDCPromo.exe tool. During promotion, you will be presented with a dialoglabeled Permissions (see Figure 4). On this dialog, the radio button for Pre-windows 2000compatible permissions is selected by default. When this option is selected, the Everyone groupbecomes a member of the Pre-Windows 2000 Compatible Access group. That latter group, inturn, has read access to all attributes of all objects in Active Directory. This presents a seriouspotential for security leaks. If you have a system that has already been promoted, you can verifywhether this check box was selected by verifying the membership of the Pre-Windows 2000Compatible Access group. If Everyone is a member of that group, remove it, and then reboot alldomain controllers. A reboot is necessary because the access token governing this access iscreated at boot time.On new installations, where access by non-Windows 2000 servers and clients is not arequirement, this option should be selected. This is only the first example of an instance wherewe can tighten the security significantly in the absence of backward compatibility. 63
Figure 4: Active Directory Permissions Dialog Choosing Good Passwords So much of system security is dependent on choosing good passwords. This topic is covered in detail in this section. In order to understand how to select good passwords on Windows 2000, however, a basic understanding of how the operating system stores passwords is required. Windows 2000 Password RepresentationsBy default, Windows 2000 will never store a clear-text user password. Rather, passwords arestored using two different password representations, commonly called \"hashes.\" The reasonfor using two representations is for backward compatibility.The LMHashThe LMHash, also known as the Lan Manager hash, is technically speaking not a hash at all. Itis computed as follows: 1. Convert all lower case characters in the password to upper case 2. Pad the password with NULL characters until it is exactly 14 characters long 3. Split the password into two 7 character chunks 4. Use each chunk separately as a DES key to encrypt a specific string 5. Concatenate the two cipher texts into a 128-bit string and store the resultAs a result of the algorithm used to generate the LMHash, the hash is very easy to crack. First,even a password longer than 8 characters can be attacked in two discrete chunks. Second, theentire lower-case character set can be ignored. This means that most password cracking toolswill start by cracking the LMHashes and then simply vary the alpha characters in the crackedpassword to generate the case-sensitive passwords. Note that in order to log on to a Windows2000 system, whether remotely or locally, you will need to use the case-preserved password.The NTHashThe NTHash is also known as the Unicode hash, because it supports the full Unicode characterset. The NTHash is calculated by simply taking the plaintext password and generating an MD4hash of it. The MD4 hash is then stored. The NTHash is much more resistant to brute forceattacks than the LMHash. Brute forcing an NTHash takes several orders of magnitude longerthan brute forcing the LMHash of the same password. 64
What constitutes a good password?There are some general guidelines for what constitutes a reasonable password: Longer than 7 characters (otherwise the second half of the LMHash is an encryption using the NULL password Contains elements from at least three of the following four character sets o Uppercase characters o Lowercase characters o Numbers o Non-alpha numeric characters Does not contain any part of the users name, username, or any common wordThis complexity is enforced via a password filter, and can be optionally required using grouppolicy. Additionally, an administrator can customize the complexity requirements by writing acustom password filter. Such a filter could, for example, enforce that company names are notpart of the password, or require additional complexity. For more information on how to writesuch a filter, refer to section on Password Filters in the Microsoft Windows SoftwareDevelopment Kit, at http://msdn.microsoft.com/library/en-us/security/Security/password_filters.asp.However, most passwords like these are still easily cracked. There are several steps that canbe taken to make a password harder to crack Use non-alpha numeric characters other than those from the \"upper row.\" Upper row characters are those you type by holding down SHIFT and typing any number key. Most password crackers know that the upper row characters are the most common method to add entropy to a password and therefore start cracking with those. Use ALT characters. ALT characters are those that you type by holding down the ALT key (the FN+ALT keys on a laptop) and typing a three or four digit number on the numeric keypad (the numeric overlay keypad on a laptop). Most password crackers are not capable of testing the vast majority of ALT characters. Do not allow storage of the LMHash.There are many ways to prevent storage of the LMHash. A system wide method will bediscussed later in the section \"Disable LMHash creation\" in Chapter 5. However, the creation ofan LMHash can be controlled on a per-account basis by constructing the password in certainways.First, if the password is longer than 14 characters, the system is unable to generate anLMHash. In Windows 2000, passwords can be up to 127 characters. 65
Second, if the password contains certain ALT characters, the system will also not be able togenerate an LMHash. This latter point is tricky, because while some ALT characterssignificantly strengthen the password by removing the LMHash, others significantly weaken itsince they are converted into a normal upper-case letter prior to storage. There are manycharacters, however, which will strengthen the password. Table 1 lists all the characters below1024 which cause the LMHash not to be generated.Table 1 ALT characters which cause the LMHash to disappear0128-0159 0306-0307 0312 0319-03200329-0331 0383 0385-0406 0408-04090411-0414 0418-0424 0426 0428-04290433-0437 0439-0447 0449-0450 0452-04600477 0480-0483 0494-0495 0497-06080610-0631 0633-0696 0699 0701-07070709 0711 0716 0718-07290731 0733-0767 0773-0775 07770779-0781 0783-0806 0808-0816 0819-08930895-0912 0914 0918-0919 0921-09270929-0930 0933 0935-0936 0938-09440947 0950-0955 0957-0959 0961-09620965 0967-1024In many environments the LMHash cannot be disabled system wide. This could be the case, forexample, in environments where the operating system is installed over the network by bootingto a DOS disk. DOS does not support the NT hash algorithm and therefore requires the LMHashto be present. DOS also does not support ALT characters in the password. While we recommendthat LMHashes be disabled system wide in all environments where it is feasible, the abovetechniques can be used to strengthen individual passwords in all environments. 66
We particularly recommend using ALT characters on sensitive accounts such as service accountsand administrative accounts. In general, these accounts need greater protection than ordinaryuser accounts, and the users using them should be willing to use very complicated passwords.One caveat is that using ALT characters in a password does break the recovery console, however.This should be kept in mind before setting up passwords with ALT characters.Windows 2000 Service Pack ConsiderationsWindows 2000 Service Packs 2 and higher support high encryption (128-bit) as a default, andwill automatically upgrade the operating system from standard encryption (56-bit) if it hasn'tbeen upgraded already. It is not possible to disable or uninstall this feature. If the Service Packis removed after installation, the operating system will continue to use 128-bit encryption; it willnot revert to back to 56-bit encryption.There is, however, one exception to this. The Protected Store is a data store introduced withInternet Explorer 4.0. The Protected Store is in the process of being deprecated in favor of theData Protection API. However, by default, data in the Protected Store, such as IE usernamesand passwords, are protected using weak encryption, and this encryption is not upgraded duringthe service pack installation. To upgrade the encryption on the Protected Store, you must runthe following command after installing Service Pack 2 or higher:Keymigrt.exeKeymigrt.exe –mThe keymigrt.exe utility also takes the following switches.keymigrt [-f] [-v] [-u] [-m] [-s]CAPI Key upgrade utility -f - Force key upgrade -e - Force Encryption Settings upgrade -v - Verbose -u - Allow upgrade of UI protected keys -m - Upgrade machine keys -s - Show current state, but make no modificationsFor more information on keymigrt.exe and to download the tool, consult Microsoft SecurityBulletin MS00-032 athttp://www.microsoft.com/technet/security/bulletin/ms00-032.mspx.Recommended Actions Prior to Installing Service Pack and Hotfix UpdatesBefore installing any Service Pack or Hotfix updates: 67
1. Close all applications.2. Update the Emergency Repair Disk (ERD): o Click Start, point to Programs, point to Accessories, point to System Tools, and then select Backup.o On the Welcome tab, click Emergency Repair Disk.o In the Emergency Repair Diskette window, choose Also back up the registry to the repair directory to save the current registry files in a folder called \RegBack within the %systemroot%\Repair folder. This is useful if there is a need to recover the system in the event of a failure.o Click OK to create the ERD.o When the ERD is created, the files described in the table below will be copied from the %systemroot%\Repair folder to a floppy disk. File Name ContentsAutoexec.nt A copy of %systemroot%\System32\Autoexec.nt, which is used to initialize the MS-DOS environment.Config.nt A copy of the %systemroot%\System32\Config.nt, which is used to initialize the MS-DOS environment.Setup.log A log of which files were installed and of Cyclic Redundancy Check (CRC) information for use during the emergency repair process. This file has the read-only, system, and hidden attributes, and it is not visible unless the computer has been configured to show all files.3. Perform a full backup of the computer, including the Registry files.4. Verify available disk space with update requirements, which are generally found in thecorresponding Readme file. 68
Computer hardware PeripheralsIntroductionA peripheral is a piece of computer hardware that is added to a computer in order to expand itsabilities. The term peripheral is used to describe those devices that are optional in nature, asopposed to hardware that is either demanded or always required in principle. There are alldifferent kinds of peripherals you can add your computer. The main distinction amongperipherals is the way they are connected to your computer. They can be connected internally orexternally.BusesA bus is a subsystem that transfers data between computer components inside a computer orbetween computers. Unlike a point-to-point connection, a bus can logically connect severalperipherals over the same set of wires. Each bus defines its set of connectors to physically plugdevices, cards or cables together. There are two types of buses: internal and external. Internalbuses are connections to various internal components. External buses are connections to variousexternal components. There are different kinds of slots that internal and external devices canconnect to.InternalTypes of SlotsThere are many different kinds of internal buses, but only a handful of popular ones. Differentcomputers come with different kinds and number of slots. It is important to know what kind andnumber of slots you have on your computer before you go out and by a card that matches up toa slot you don’t have.PCIPCI (Peripheral Component Interconnect) is common in modern PCs. This kind of bus is beingsucceeded by PCI Express. Typical PCI cards used in PCs include: network cards, sound cards, 69
modems, extra ports such as USB or serial, TV tuner cards and disk controllers. Video cards haveoutgrown the capabilities of PCI because of their higher bandwidth requirements. PCI SlotsPCI ExpressPCI Express was introduced by Intel in 2004. It was designed to replace the general-purpose PCIexpansion bus and the AGP graphics card interface. PCI express is not a bus but instead a point-to-point conection of serial links called lanes. PCI Express cards have faster bandwidth then PCIcards which make them more ideal for high-end video cards.PCMCIAPCMCIA (also referred to as PC Card) is the type of bus used for laptop computers. The namePCMCIA comes from the group who developed the standard: Personal Computer Memory CardInternational Association. PCMCIA was originally designed for computer memory expansion, butthe existence of a usable general standard for notbeook peripherals led to many kinds of devicesbeing made available in this form. Typical devices include network cards, modems, and harddisks. 70
AGPAGP (Accelerated Graphics Port) is a high-speed point-to-point channel for attaching a graphicscard to a computer’s motherboard, primarily to assist in the acceleration of 3D computergraphics. AGP has been replaced over the past couple years by PCI Express. AGP cards andmotherboards are still available to buy, but they are becoming less common.Types Of CardsVideo CardA video card (also known as graphics card) is an expansion card whose function is to generateand output images to a display. Some video cards offer added functions, such as video capture,TV tuner adapter, ability to connect multiple monitors, and others. Most video cards all sharesimilar components. They include a graphics processing unit (GPU) which is a dedicatedmicroprocessor optimized for 3D graphics rendering. It also includes a video BIOS that containsthe basic program that governs the video card’s operations and provides the instructions thatallow the computer and software to interface with the card. If the video card is integrated in themotherboard, it may use thecomputer RAM memory. If it is not itwill have its own video memory calledVideo RAM. This kind of memory canrange from 128MB to 2GB. A videocard also has a RAMDAC (Random 71
Access Memory Digital-to-Analog Converter) which takes responsibility for turning the digital signals produced by the computer processor into an analog signal which can be understood by the computer display. Lastly, they all have outputs such as an HD-15 connector (standard monitor cable), DVI connector, S-Video, composite video or componentvideo.Graphics CardSound CardA sound card is an expansion card that facilitates the input and output of audio signals to/froma computer under control of computer programs. Typical uses for sound cards include providingthe audio component for multimedia applications such as music composition, editing video oraudio, presentation/education, and entertainment. Many computers have sound capabilities builtin,, while others require additional expansion cards to provide for audio capability.Network CardA network card is an expansion card that allows computers to communicate over a computernetwork. It allows users to connect to each other either by using cables or wirelessly. Althoughother network technologies exist, Ethernet has achieved near-ubiquity for a while now. EveryEthernet network card has a unique 48-bit serial number called a MAC address, which is storedin ROM carried on the card. You can learn more about networking in the introduction tonetworking lesson.External 72
Types of ConnectionsUSBUSB (Universal Serial Bus) is a serial bus standard to interface devices. USB was designed to allowmany peripherals to be connected using a single standardized interface socket and to improvethe plug-and-play capabilities by allowing devices to be connected and disconnected withoutrebooting the computer. Other convenient features include providing power to low-consumptiondevices without the need for an external power supply and allowing many devices to be usedwithout requiring manufacturerspecific, individual device driversto be installed. USB is by far thedominating bus for connectingexternal devices to yourcomputer.USB ConnectorsFirewireFirewire (technically known as IEEE 1394 and alsoknown as i.LINK for Sony) is a serial bus interfacestandard for high-speed communications andisochronous real-time data transfer, frequentlyused in a personal computer. Firewire has replacedParallel ports in many applications. It has beenadopted as the High Definition Audio-VideoNetwork Alliance (HANA) standard connection interface for A/V (audio/visual) componentcommunication and control. Almost all modern digital camcorders have included this connection. 73
Firewire CablePS/2The PS/2 connector is used for connecting some keyboards and mice to a PC compatiblecomputer system. The keyboard and mouse interfaces are electrically similar with the maindifference being that open collector outputs are required on both ends of the keyboard interfaceto allow bidirectional communication. If a PS/2 mouse is connected to a PS/2 keyboard port, themouse may not be recognized by the computer depending on configuration.PS/2 PortsDevicesRemovable StorageThe same kinds of CD and DVD drives that could come built-in on your computer can also beattached externally. You might only have a CD-ROM drive built-in to your computer but you needa CD writer to burn CDs. You can buy an external CD writer that connects to your USB port andacts the same way as if it was built-in to your computer. The same is true for DVD writers, Blu-ray drives, and floppy drives. Flash drives have become very popular forms of removable storageespecially as the price of flash drives decreases and the possible size for them increases. Flashdrives are usually USB ones either in the form USB sticks or very small, portable devices. USB flashdrives are small, fast, removable, rewritable, and long-lasting. Storage capacities range from 74
64MB to 32GB or more. A flash drive does not have any mechanically driven parts so as opposedto a hard drive which makes it more durable and smaller usually.USB Flash DriveNon-removable StorageNon-removable storage can be a hard drive that is connectedexternally. External hard drives have become very popular forbackups, shared drives among many computers, and simplyexpaning the amount of hard drive space you have from yourinternal hard drive. External hard drives come in many shapes andsizes like flash drives do. An external hard drive is usuallyconnected by USB but you can also have a networked hardrivewhich will connect to your network which allows all computers onthat network to access that hard drive.InputInput devices are absolutely crucial to computers. The most common input devices are mice andkeyboards which barely every computer has. A new popular pointing device that may eventuallyreplace the mouse is touch screen which you can get on some tablet notebooks. Other popularinput devices include microphones, webcams, and fingerprint readers which can also be built into modern laptops and desktops. A scanner is another popular input device that might be built-in to your printer.WebcamOutputThere are lots of different kinds of output devices that you can getfor your computer. The absolute most common external output 75
device is a monitor. Other very popular output devices areprinters and speakers. There are lots of different kinds ofprinters and different sizes of speakers for your computer.Monitors are connected usually through the HD-15 connectoron your video card. Printers are usually connected through a USBport. Speakers have their own audio out port built-in to thesound card. 76
Computer NetworkingIn a network, computers and other (optional) devices are connected to share resources.When a computer or device A is requesting a resource from another computer or device B,the item A is referred to as a client. Because all or most items that are part of a networklive in association or cooperation, almost any one of them can be referred to as a client.Based on this, there can be different types of clients.A workstation is a computer on which a person performs everyday regular assignments. Aworkstation is primarily a personal computer (PC). It can also be a laptop. Almost anymodern PC can be used as a workstation and participate to a network.Before building a computer network, you should plan it. In some cases, you may want touse one or more computers you already have, or you are can purchase new computers.Computer NetworksIf you already have one or more computers that you plan to use as workstations, you canstart by checking the hardware parts installed in the computer. As mentioned already, youcan use use existing computers or purchase new ones.The computers used in a network must meet some requirements. The system requirementsdepend on the (type of) operating system (we will come back to operating systems inanother section). For our network, we will use computers that run Microsoft Windows 7.Network Distribution: Building a network consists partly of connecting the computers:Besides the computers, you will use other objects. 77
Network Cables: Cable is used to connect computers. Although we may use wirelessnetworking, you should always have cables with you. The most commonly used cable isreferred to as Category 5 cable RJ-45. The ends of the cable appear as follows:They can be in different colors: 78
You can purchase this cable from a general store, a computer store, or web store on theInternet. When purchasing it, get one with at least 6ft.Network Distributors:We mentioned that you could connect one computer to another. This can be done usingtheir serial ports:This is possible because almost every computer has a serial port. If you have to connectmany computers to produce a network, this serial connection would not be practical. Thesolution is to use a central object that the computers and other resources can connect to,and then this object becomes responsible to “distribute” or manage network traffic:The most regularly used types of network distributors are the hub, the router, and theswitch.Hub: A hub is rectangular box that is used as the central object on which computers andother devices are connected. To make this possible, a hub is equipped with small holescalled ports. Here is an example of a hub:Although this appears with 4 ports, depending on its type, a hub can be equipped with 4,5, 12, or more ports. Here is an example of a hub with 8 ports: 79
When configuring it, you connect an RJ-45 cable from the network card of a computer toone port of the hub.In most cases for a home-based or a small business network, you may not need (orshouldn't use) a hub.Router: Like a hub, a router is another type of device that acts as the central point amongcomputers and other devices that are part of a network. Here is an example of a wiredrouter:A router functions a little differently than a hub. In fact, a router can be considered a little\"intelligent\" than the hub.Like a hub, the computers and other devices are connected to a router using network cables.To make this possible, a router is equipped with holes, called ports, in the back. Here is anexample:Based on advances in the previous years from IEEE and other organizations or researchcompanies, there are wireless routers. With this type, the computers and devices connectto the router using microwaves (no physical cable).Wired network Cards: internal: In order to connect to a network, a computer must beequipped with a device called a network card. A network card, or a network adapter, alsocalled a network interface card, or NIC, allows a computer to connect to the exterior. If youbuy a computer from one of those popular stores or big companies on the Internet, mostof their computers have a network card tested and ready. You can reliably use it. If you go 80
to a store that sells or manufactures computers, you can ask them to install or make surethat the computer has a network card.If you have a computer that doesn’t have a network card, you can install one. If you havea computer that already has a network card, you can still replace it.When it comes to their installation, there are roughly two categories of network cards:internal and external. An internal network card looks like a printed circuit board with someobjects \"attached\" or \"glued\" to it and it appears as follows:What this card looks like may not be particularly important and it may depend on themanufacturer but some of its aspects are particularly important. To start, there are twotypes of cards and you should know which one is suited (or which one you want to use) foryour computer. One type of NICs uses a peripheral component interconnect (PCI)connection. Another type uses industry standard architecture (ISA).There are two primary ways you replace an internal network card. In most cases, you willremove the card your computer already has and install a new one. In some other cases,you will only add a new card but you cannot replace the existing one because it is part ofthe motherboard. The area where you add a network card is called a slot.To proceed, you must find out what your computer has to offer when it comes to networkcards. To do this, you have three main alternatives. You can open the computer andexamine the available slots of your computer. They are usually located inside of what wouldbe considered as the back wall of the computer. If you know where you connect the monitor,you should be able to locate the area that has the slots. Unfortunately, unless you haveexperience with this, simply looking at the slots will not tell you what type of connectionyou are dealing with.The second alternative is to open the manual that came with your computer (provided youhaven’t thrown it away). The manual usually lists the (types of) slots that your computerprovides and where they are located.The last alternative to knowing the types of slots that your computer provides is to contactthe company that sold you the computer. They usually know, as long as you give them themodel of the computer.Once you know the type of slot available to you, you can go on the Internet or to a computerstore and buy an appropriate network card. One of the most important characteristics of anetwork card is the speed it can use to carry information (data). The speeds are either 10or 100Mbps (megabits per second). When buying a network card, you should pay attentionto this. 81
Your computer manufacturer also may sell network cards intended for your computer.After buying a network card intended for internal installation, you can/must install it. Thenetwork card should come with a manual and all (easy to follow) instructions. You can alsoinstall the network card after setting up the computer, which we will cover in anothersection.Wired network Cards: External: We mentioned that a network card could also be used orinstalled externally. This can be done using USB. Before using it, you can purchase it froma computer store or a web store. The device may look like this:Here is another example:If you buy one of these objects, its documentation will guide you.Wireless Network Cards: Depending on your network budget or your customer's, instead ofusing wired network cards, you can use wireless ones. Most laptops already have a wirelesscard built-in so you may not have to acquire one. Many new desktop computers (from HP)now have built-in wireless capability.A wireless NIC appears as its wired counterpart. Here are two examples: 82
Overall, the physical installation of a wireless network card follows the same rules as thatof a wired NIC. They normally come with easy to follow instructions but it may be a goodidea to install the wireless network adapters after installing the wireless router. Also, it maybe a good idea to purchase the network cards and the wireless router from the samemanufacturer.Most desktop computers (workstations) come without a wireless network card. If youpurchase a computer from one of the big companies on the Internet, you can choose tohave it shipped with a wireless NIC. Some companies may propose to install it beforeshipping the computer. If you buy a computer from a store and if you want to use wirelessnetworking, you can buy a wireless network card separately. As stated already, a wirelessnetwork card is not particularly difficult to install.Besides the wireless network cards that can be installed inside the computer, you can useexternal cards. These are installed using a USB port. Here is an example of a USB adapter:Here is another example: 83
These adapters, like most USB objects, are easy to connect and use. Like the other hardware parts, when you connect these, the computer detects them and helps you get them ready for use. Unlike desktop computers, most laptops nowadays come equipped with a wireless network card (in fact most laptops today ship with both a wired and a wireless adapters). This means that, after purchasing or acquiring a laptop, you should simply check whether it has a wireless adapter. The way you check this depends on the laptop. Therefore, check its documentation.Network AccessoriesPrinters If you attach a printer to one computer and share it, when that computer is off, nobody can print. An alternative is to purchase a network printer. That is, a printer that will directly connect to the network and people can print to it any time. There are two types of printers in this case: Some printers come equipped with a network card. In this case, you can use an RJ- 45 cable to connect it to a router or a hub Most printers nowadays have a USB port that can be used to connect them to a router Many printers come equipped with wireless capability. This means that the computers can connect to the printer without using a wire and they can print If you are using a wireless network and your printer doesn't have wireless capabilties, you can purchase a wireless print server. This allows you to connect almost any type of printer, with or without a network card, to the network. You can purchase a wireless print server from a computer store or from a web store. It is usually easy to install as it comes with easy-to-follow instructions. Internet Service Provider: An Internet Service Provider (ISP) is a company that serves as the intermediary between your network (or you) and the Internet. If you plan to give access to the Internet to the members of your network, you may need this type of company. You can start by checking with your local telephone company or your local TV cable company. Firewall: Firewall is a security measure that consists of protecting your network from intruders. This is primarily important if you plan to connect your network to the Internet. There are two types of firewalls: hardware and software. For a small network, when buying a router, you can inquire as to whether it has a built-in firewall. Many of them do. Alternatively, you can use or configure one of the computers of your network as a firewall. 84
Knowledge of Companies SOP’sPURPOSE AND APPLICABILITYThis standard operating procedure (SOP) describes the procedures for annual maintenance ofequipment in the IMPROVE sampling network. Annual maintenance is solely the responsibilityof the field specialist, or field technicians working for the Organization.Prior to annual maintenance, the field technician shall review and summarize all theinformation collected at each site during the previous year in order to characterize thefunctioning of each site. The data recorded during weekly maintenance of the IMPROVEsamplers, as well as any problems detected during quality assurance procedures shall beincorporated into the site summary. This reference will be used to determine whether extramaintenance or troubleshooting is required at each site.Annual site maintenance shall be performed by field technicians. Each site will be visited, thecyclones, stacks and inlets cleaned, the electronics checked, the pumps re-built or replaced,and the samplers audited and new calibration equations recorded. Operator training andreview sessions, and sampler upgrades shall also be performed at this time.Field Technician The field technician shall: · Perform annual site maintenance · Perform site operator training and review sessions · Maintain records on equipment repair and modification 85
Safety PrecautionsFinding a Place to WorkThe first thing you need to think about when planning your new homebuilt computer has nothingto do with parts, performance, or configuration.You need to find a place to work.Staking Out your Work AreaProfessionals and die-hard home computer builders usually have work benches that arededicated to nothing but computer work. But most home computer builders are not so lucky.Still, most people can find someplace to build their new PC. Here are some things to think aboutwhen deciding where you will work:• You need a sturdy table or workbench. Ideally, you'll want a table that's big enough to hold acomputer laying on its side, your tools, the parts you are installing, and any technical documentsor instructions you will be using.• The table should be clean and non-metallic. If not, then you'll need to cover it with a non-conductive surface such as a plastic table cloth or a piece of plywood or Masonite.• Your work area should be well-lit and have a grounded AC power outlet that you can plug asurge suppressor into so you can test your new PC once it's assembled.• Avoid places that are damp, subject to temperature extremes, dirty, or dusty.• If possible, try to avoid carpeted rooms. Carpeting tends to generate a lot of static when youwalk across it. (If your work area is carpeted and your parents, spouse, or landlord object toyour ripping it up, then just then pay special attention to anti-static precautions.)COMPUTER SAFETY TIPSBackupsThe most important precaution against any risk of data loss is a full, up-to-date backup. Tapebackup drives are the wisest form of insurance for your computer, and good tape drives are veryinexpensive ($150.00 or less). This will protect you against lightning, fire, theft, accidental dataloss, virus damage, hardware “crashes”,etc. The two most important things to remember aboutbackups are 1) Backup regularly - full backups weekly and partial backups daily is best and 2)Keep a full backup in another location, such as at home or in a safety deposit box. This way youwill not lose your data in a fire or if the computer is stolen. 86
Telephone line dangerOne potential threat to your computer which most often goes unnoticed is your modemconnection. Surges and power fluctuations can hit your system through your phone line andcause serious damage. Make sure your power strip or battery backup has telephone lineprotection. During a heavy electrical storm, your safest phone line protection is to disconnectthe phone jack from your modem.Battery backupsA single power outage is not as damaging to your computer as the extreme surges and drops inpower that occur during a blackout, brownout, or just your ordinary lightning storm. Yourcomputer is very sensitive to power fluctuations - protect yourself against this. UninterrruptedPower Supplies (UPS) are available at most any computer store or Office supply store. The“Blackout Buster” is a very good battery backup which also provides surperior protection throughyour modem/fax/telephone line. The Blackout Buster retails for $129.00 and is available at CompUSA.Turn off your computerMany of our clients are on networks and have made it a habit to keep the computers on all thetime. Monsoon season is the exception to the rule. Whenever a storm or brownout is expected,your safest strategy is to turn off all computers and monitors. These precautions can save youa great deal of frustration and loss.Occupational Health and Safety Procedure (OHS) this is about Safety and Anti-Static Rules1. When possible, try to avoid working in carpeted areas. Carpeting greatly increases staticbuildup within your body.2. Personal protective equipment are correctly used.3. Hazard/risks in the workplace and their corresponding indicators are identified to minimize oreliminate risk to co-workers, workplace and environment.4. Always handle electronic components by a non-conducting (non-metallic) edge. Don't touchthe pins or other connectors.5. Read and follow instructions on the manual carefully.6. Do not eat, drink or smoke while assembling the computer 87
7. When working on a computer avoid places that are damp, subject to temperature extremes,dirty, or dusty.8. The table should be clean and non-metallic to avoid short circuits9. Always disconnect a computer from the AC power and from any powered peripherals whileyou are working on it.10. Never plug an ATX power supply into AC power while adding and connecting cards ofmotherboard. 88
Module: 3Troubleshoot and Replace Faulty Module 89
Service - Level AgreementA service-level agreement (SLA) is defined as an official commitment that prevails between aservice provider and the customer. Particular aspects of the service – quality, availability,responsibilities – are agreed between the service provider and the service user. The mostcommon component of SLA is that the services should be provided to the customer as agreedupon in the contract. As an example, Internet service providers and telcos will commonly includeservice level agreements within the terms of their contracts with customers to define the level(s)of service being sold in plain language terms. In this case the SLA will typically have a technicaldefinition in terms of mean time between failures (MTBF), mean time to repair or mean time torecovery (MTTR); identifying which party is responsible for reporting faults or paying fees;responsibility for various data rates; throughput; jitter; or similar measurable details.SLAs commonly include many components, from a definition of services to the termination ofagreement. To ensure that SLAs are consistently met, these agreements are often designed withspecific lines of demarcation and the parties involved are required to meet regularly to createan open forum for communication. Rewards and penalties applying to the provider are oftenspecified. Most SLAs also leave room for periodic (annual) revisitation to make changes.Since late 1980s SLA's have been used by fixed line telecom operators. SLAs are so widely usedthese days that larger organizations have many different SLAs existing within the company itself.Two different units in an organization script a SLA with one unit being the customer and anotherbeing the service provider. This practice helps to maintain the same quality of service amongstdifferent units in the organization and also across multiple locations of the organization. Thisinternal scripting of SLA also helps to compare the quality of service between an in-housedepartment and an external service provider.The output received by the customer as a result of the service provided is the main focus of theservice level agreement.Service level agreements are also defined at different levels: Customer-based SLA: An agreement with an individual customer group, covering all the services they use. For example, an SLA between a supplier (IT service provider) and the finance department of a large organization for the services such as finance system, payroll system, billing system, procurement/purchase system, etc. 90
Service-based SLA: An agreement for all customers using the services being delivered by the service provider. For example: A mobile service provider offers a routine service to all the customers and offers certain maintenance as a part of an offer with the universal charging. An email system for the entire organization. There are chances of difficulties arising in this type of SLA as level of the services being offered may vary for different customers (for example, head office staff may use high-speed LAN connections while local offices may have to use a lower speed leased line). Multilevel SLA: The SLA is split into the different levels, each addressing different set of customers for the same services, in the same SLA. Corporate-level SLA: Covering all the generic service level management (often abbreviated as SLM) issues appropriate to every customer throughout the organization. These issues are likely to be less volatile and so updates (SLA reviews) are less frequently required. Customer-level SLA: covering all SLM issues relevant to the particular customer group, regardless of the services being used. Service-level SLA: covering all SLM issue relevant to the specific services, in relation to this specific customer group.Components of SLAA well defined and typical SLA will contain the following components:[5] Type of service to be provided: It specifies the type of service and any additional details of type of service to be provided. In case of an IP network connectivity, type of service will describe functions such as operation and maintenance of networking equipments, connection bandwidth to be provided, etc. The service’s desired performance level, especially its reliability and responsiveness: A reliable service will be the one which suffers minimum disruptions in a specific amount of time and is available at almost all times. A service with good responsiveness will perform the desired action promptly after the customer requests for it. The steps for reporting issues with the service: This component will specify the contact details to report the problem to and the order in which details about the issue have to be reported. The contract will also include a time range in which the problem will be looked upon and also till when the issue will be resolved. Response and issue resolution time-frame: Response time-frame is the time period by which the service provider will start the investigation of the issue. Issue resolution time- frame is the time period by which the current service issue will be resolved and fixed. 91
Monitoring process and service level reporting: This component describes how the performance levels are supervised and monitored. This process involves gathering of different type of statistics, how frequently this statistics will be collected and how this statistics will be accessed by the customers. Repercussions for service provider not meeting its commitment: If the provider is not able to meet the requirements as stated in SLA then service provider will have to face consequences for the same. These consequences may include customer's right to terminate the contract or ask for a refund for losses incurred by the customer due to failure of service.Performa Computer and Network Systems Service Level Agreement (SLA)This Agreement entered into on this day of 2011 by and betweenDakotech Inc., a Michigan Corporation, herein after referred to as Dakotech, with offices locatedin Ann Arbor Michigan and a (Corporation, LLC,Partnership) herein after referred to as Client. RECITALSWhereas Dakotech is an IT Company validly existing and in good standing under the laws of theState of Michigan, with power to carry on its business as it is now being conducted.Whereas Client is a doing business in Michigan and is in need of ITservices and whereas Client desires to retain Dakotech to service Client under the followingterms and conditions: AGREEMENTDakotech shall provide to Client Support which includes, but is not limited to the following: 92
This Agreement is for onsite and remote Corporate Support services provided for the offices, orbuilding of Client, Headquartered at:Any discounts offered under this Agreement are not transferrable and cannot be extended toother businesses or entities.1. This Agreement may be used toward residential computer and network support for Client staff and family, providing the work is approved by Client and requested as part of the Client extended user network. 1.1. Troubleshooting of reported computer or network problems, 1.2. Installing and configuring computer operating systems, application software 1.3. Remote support 1.4. User access addition(s) / removal(s) 1.5. Office automation and technology integration, long-term planning, technology consultation 1.6. Computer network asset documentation and acquisition services 1.7. Practice Management Software customizations and interface/file structure design 1.8. Computer, Server and Network security services, network optimization services2. Additional Support services including, but is not limited to the following may be contracted by client and will be quoted and billed separately: 2.1. Structured Wiring and network physical infrastructure 2.2 Planning 93
2.3 Design 2.4 Installation and troubleshooting servicesThis Agreement includes descriptions of types of Support and the applicable rate structures.New services, and some specific services not explicitly described here may be priced separatelythan rates described herein. Services requiring their own rate structure will be defined andapproved of by Client prior to commencing. SUPPORT TYPESClient shall have the right to purchase from Dakotech the Support type it desires, which includethe following: 1. Standard Support / Remote Support 2. Premium Support 3. Consulting Services / Project Management 4. Office Automation 5. Managed Services 6. Specialized, Quoted Services and signed addendum 7. Travel Fees SUPPORT PLAN OPTIONS1. Corporate Standard Support / Remote Support 1.1. The rate for Corporate Standard Support based on the support level the Client chooses found in Appendix A. 1.2. Corporate Standard Support is provided by appointment, Monday - Friday from 8 AM to 5 PM (EST). 1.3. Corporate Standard Support appointments are scheduled in either the AM (before noon) or PM (after noon) time slots, usually within 2 business days, as call volume and technician availability allows. 1.3.1. Corporate Standard Support may be provided onsite or by working remotely. 94
1.3.2. If a technician is required onsite an additional flat-rate Travel Fee will be applied as defined in Appendix A. 1.3.3. Standard Corporate on-site Support is billed in one-hour (1) increments for initial hour and quarter hours (1/4) thereafter. 1.3.4. Remote support is billed in one quarter (1/4) hour increments. 1.3.5. All on-going work is billed at actual time over-riding time minimums. 1.3.6. Generally Dakotech will strive to provide the most responsive support to all incoming requests, and therefore clients may receive quicker response to Corporate Standard Support requests during periods of low call volume. This is done in the interest of good Client service and in no way implies Dakotech will always be able, or obligated to deliver immediate resolutions to requests at the Corporate Standard Support rate.2. Corporate Premium Support 2.1. The rate for Corporate Premium Support is based on the support level the Client chooses found in Appendix A. 2.2. Corporate Premium Support applies to requests made for support outside of Monday - Friday from 8 AM to 5 PM (EST). Corporate Premium Support also applies to unscheduled requests for immediate response (typically due to Mission Critical situations). Clients demanding an immediate same day support which diverts technicians from other already scheduled tasks will be billed for Corporate Premium Support. 2.3. Corporate Premium Support is available 24 hours a day 7 days a week. 2.4. Corporate Premium Support may be provided onsite or by working remotely. 2.5. If a technician is required onsite an additional flat-rate Travel Fee will be applied as defined in Appendix A. 2.6. Corporate Premium on-site Support is billed in one-hour (1) increments for initial hour and quarter hour (1/4) increments thereafter. 2.7. Remote support is billed in one quarter hour (1/4) increments. 2.8. All on-going work for the same issue is billed at actual time over-riding all time minimums.3. Paperless Office Automation The Rate for Paperless Office Automation is found in Appendix A.4. Consulting Service / Project Management The rate for Consulting Services / Project Management is based on the support level the 95
Client chooses found in Appendix A. 4.1. Consulting Services Dakotech services either directly to the client or vendor regarding but not limited to the following: new hardware/software selection (example of vendor correspondence billed to client, Dell system selection, QuickBooks pre-sales questions), or general questions answered via phone or e-mail about technology. 4.2. Project Management Dakotech manages IT moves between buildings, entities, consolidations and new acquisitions requiring IT management of any sort.5. Managed Services 5.1. The rate for Managed Services is based on the support level the Client chooses found in Appendix A. 5.2. Managed Services All labor charges for DakoCloud, DakoStorage Remote Backup and Dako services as defined by other signed elected agreements shall be billed as such.6. Travel Fees 6.1. A flat fee Travel Fee is applied per-technician, per-visit as defined in Appendix A. 6.2. No additional technician travel time is billed to Client. Support Plans 1. Break / Fix (Pay as you go, Standard or Premium Support) Credit Card on file or Prepayment 2. DakoIT (Preventative Maintenance Plan) Credit Card on file or Prepayment1. Break / Fix 1.1. Pay as you go for IT support as needed. 1.2. Target response time is 24-48 hours for support with Standard Support and the Customer associated Rate structure. 1.3. Two (2) Hour onsite response time with Premium Support at the Customer associated Rate Structure. 1.4. Can lead to highly volatile situations as customers call typically when things are broken requiring Premium Support. 96
2. DakoIT (Preventative Maintenance Plan) 2.1. DakoIT – Level One 2.1.1. Includes six hours of Support per month – Typically allocated as: 2.1.1.1. Required: Two hours allocated for critical system updates and management of server and/or desktop workstations (Disk Cleanup and Defragmentation included). 2.1.1.2. Specialty and 3rd Party software may need to be updated via scheduled bi-weekly visits. 2.1.1.3. Four hours on-site in bi-weekly scheduled visits or divided up as customer needs mandate to address 3rd Party Software updates and/or User issues. 2.1.1.4. Bi-weekly site visits may be canceled the day before their scheduled time and added to another scheduled visit in the same calendar month. 2.1.1.5. Monthly pre-purchased hours do not accrue; hours expire on the last day of the calendar month if not used. 2.1.2. Service Contract Fees – Paid Prior to Month 2.1.2.1. Requires a service contract with a minimum of $600/month guarantee. 2.1.2.2. Includes managed software fee per user. 2.1.2.3. Travel Fees are included for up to two scheduled visits per month. 2.1.2.4. Travel fees apply to all other visits. 2.1.3. If additional hours greater than the included six hours are required, standard rates apply as found in Exhibit A operating in either a break/fix or pre-payment. 2.1.4. Dakotech may install 3rd Party Application(s) to assist in the management and support of the Client’s server(s)/workstation(s) environment. 2.2. DakoIT – Level Two 2.2.1. Includes ten hours of Support per month – Typically allocated as: 2.2.1.1. Required: Two hours for critical system updates and management of server and/or desktop workstations (Disk Cleanup and Defragmentation included). 2.2.1.2. Specialty and 3rd Party software may need to be updated via scheduled weekly/bi-weekly visits. 2.2.1.3. A maximum of four site visits per month or divided up as customer needs mandate to address 3rd Party Software updates and/or User issues. 2.2.1.4. Weekly or Bi-Weekly site visits may be canceled the day before their scheduled time and added to another scheduled visit in the same calendar month. 2.2.1.5. Monthly pre-purchased hours do not accrue; hours expire on the last day of the calendar month if not used. 97
2.2.2. Service Contract Fees – Paid Prior to Month 2.2.2.1. Requires a service contract with a minimum of $1000/month guarantee. 2.2.2.2. Includes managed software fee per user. 2.2.2.3. Travel Fees are included for up to four scheduled visits per month. 2.2.2.4. Travel Fees apply to all other visits. 2.2.3. If additional hours greater than the included ten hours is require, standard rates apply as found in Exhibit A operating in either a break/fix or pre-payment. 2.2.4. Dakotech may install 3rd Party Application(s) to assist in the management and support of the Client’s server(s)/workstation(s) environment. PAYMENTS1. Payments by Client to Dakotech shall be prompt and Client shall pay under one of the following plans: 1.1. Credit Card on file 1.2. A predetermined Prepayment amount as outlined in Appendix A. 1.3. Signed addendum stating some other form of acceptable payment.2. Rates are outlined herein and in Appendix A.3. A $35 late fee is added to all corporate payments in addition to 18% interest (compounded annually).4. Dakotech Support Professionals do not accept payments.5. If mailed payments are required, payments shall be mailed to the address on the invoice: Dakotech, Box 1702, Ann Arbor MI 48106. BILLING1. Billable time begins upon arrival at location or upon the beginning of Phone, Email, Remote administration support session.2. Work cancellation requests for corporate Clients within 48 hours are subject to a cancellation fee the higher of $100 or 10% of the original estimate.3. Invoices are sent via Email and/or via U.S. Mail with one or more of the following options applied by Dakotech: 3.1. Within 7 days after support session. This applies to Customers typically in a Break / Fix environment. 98
3.2. Monthly summary invoice; this applies to Customers typically who have a Credit Card on File or have elected prepaid payment options. 3.3. Progress billing consisting of large projects over one week in duration may incur progress billing for all costs and labor incurred to that date.4. After 15 days of receiving an invoice amounts due are automatically charged against your Credit Card on file or your Prepayment balance. All billing disputes must be made within 15 days prior to invoice due date via email using [email protected]. Prepaid Support Clients may receive a weekly summary from Dakotech of billable work performed the prior week under this support contract with an indication of balance remaining in Prepayment account.6. Prepayment Options, Discounts, Applicable Rates (All prepaid clients are automatically enrolled in the DakoIT Preventative Maintenance Plan as indicated under Dakotech Support Types). 6.1. Dakotech provides discounts for prepaid support. Discounts apply to Corporate Standard Support and Premium Corporate Support 6.2. Corporate Standard Support can be provided at a discounted rate as described in Appendix A when Prepaid, and purchased for the equivalent of forty (40) eighty (80) one-hundred twenty (120) or more hours. Dakotech provides discounts for prepaid support. Discounts apply to Corporate Standard Support and Premium Corporate Support 6.3. Remote, phone and email Support, can be provided at a discounted rate as described in Appendix A when Prepaid, and purchased for the equivalent of forty (40) eighty (80) one-hundred twenty (120) or more hours. 6.4. Any Corporate Premium Support necessary at client location shall be provided at a discounted rate of $120/hour, and shall be deducted from the prepaid balance. 6.5. Discounts do not apply to software and hardware purchased through Dakotech, as these are generally provided at or near cost as a service to clients. 6.6. Discounts do not apply to travel fees. Each technician dispatched to client location will require a $35.00 travel fee, per technician, per visit. 6.7. Travel fees will be deducted from prepaid amount balance 6.8. When prepaid support balance reaches five hundred dollars ($500.00), prepayment can be renewed, or allowed to expire. If allowed to expire, subsequent Corporate Support will be billed at the regular, undiscounted hourly rates. 6.9. Prepayment amounts never expire and are held in escrow. 99
6.10. All amounts referenced are in U.S. Dollar7. Termination of Prepayment Service Support Option Agreement can be terminated at any time, and the following will apply: 7.1. All administrative passwords and proprietary Client data and infrastructure notes including but not limited to user names and passwords will be turned over to Client upon request, within 72 hours of written notice of intent to terminate the SLA. These requests must be sent to [email protected]. No Client information will be surrendered if outstanding amounts are due on the Client account. 7.2. All final amounts due at Agreement termination are due via check (not credit card) prior to any disbursements of Client data or infrastructure notes including but not limited to user name and passwords. 7.3. Upon notice of intent to terminate a Prepaid Agreement any unused balance of funds shall be returned to Client within 30 days of termination, to allow time for all pending time slips to be reviewed and processed against the balance or service rendered. 7.4. Upon notification of termination of a Prepaid Agreement all discounted rates for subsequent support work not yet billed will revert back to the normal, undiscounted rate structure, including labor necessary to compile and return Client data, the later of which is not to exceed 2 hours. 7.5. If a Client has a balance due at the time of termination of a Prepaid Agreement, said amount due is payable at the current discounted subscribed rate via Check. 7.6. Dakotech can terminate all Prepaid Agreements at anytime refunding all unused funds at Client discounted subscribed rate. 7.7. Subscribed prepaid client rates are set by Dakotech and determined by the Client as referenced in Exhibit A. For rate clarification if needed a subsequent signed addendum may coincide for determining prepaid Amounts when the customer changes the rate structure via new Prepayment amount. 7.8. Email confirmation shall suffice in lieu of a signed renewal or updated SLA or addendum. 100
Search
Read the Text Version
- 1
- 2
- 3
- 4
- 5
- 6
- 7
- 8
- 9
- 10
- 11
- 12
- 13
- 14
- 15
- 16
- 17
- 18
- 19
- 20
- 21
- 22
- 23
- 24
- 25
- 26
- 27
- 28
- 29
- 30
- 31
- 32
- 33
- 34
- 35
- 36
- 37
- 38
- 39
- 40
- 41
- 42
- 43
- 44
- 45
- 46
- 47
- 48
- 49
- 50
- 51
- 52
- 53
- 54
- 55
- 56
- 57
- 58
- 59
- 60
- 61
- 62
- 63
- 64
- 65
- 66
- 67
- 68
- 69
- 70
- 71
- 72
- 73
- 74
- 75
- 76
- 77
- 78
- 79
- 80
- 81
- 82
- 83
- 84
- 85
- 86
- 87
- 88
- 89
- 90
- 91
- 92
- 93
- 94
- 95
- 96
- 97
- 98
- 99
- 100
- 101
- 102
- 103
- 104
- 105
- 106
- 107
- 108
- 109
- 110
- 111
- 112
- 113
- 114
- 115
- 116
- 117
- 118
- 119
- 120
- 121
- 122
- 123
- 124
- 125
- 126
- 127
- 128
- 129
- 130
- 131
- 132
- 133
- 134
- 135
- 136
- 137
- 138
- 139
- 140
- 141
- 142
- 143
- 144
- 145
- 146
- 147
- 148
- 149
- 150
- 151
- 152
- 153
- 154
- 155
- 156
- 157
- 158
- 159
